Two years after the OPM data breach: What government agencies must do now

Recent reports show declining grades for government agencies’ efforts to improve cybersecurity. Experts weigh in on what needs to be done.

There are also background investigations on people applying for security clearances, as well as their spouses, which includes things like criminal and financial histories and information about their friends, family members and business acquaintances. More than a million fingerprints were also lost. "The scariest thing is the fallout we haven't yet seen, the potential corruption of data, the long-term effects of espionage on national security," says Willis Towers Watson's Dagostino. The data could be used to unmask covert agents, for example.

In addition, the sensitive background information can help a foreign power to find and recruit potential intelligence sources. "It was a great hit to the United States, and I don't believe we've seen the full impact of it," says Brian White, COO at Baltimore-based RedOwl. White has previously worked at the Department of Homeland Security. "And we are still not doing everything possible to protect our most sensitive information," he adds.